How to Test Critical Actions

In the Sandbox environment, you can validate the critical action token using the default value “000000”.

If needed, we can disable the token for transfers in Sandbox. However, it’s important to know that the TOKEN is a security validation and, in its absence, the account may be more susceptible to improper actions.

As a suggestion, if there is one IP—or a few specific IPs—that perform account operations, restrict access so that only these are allowed, and if the Asaas system identifies an action from any other IP, it blocks the action. You can also use our webhook-based mechanism to validate withdrawals for increased security.

To make this request, send an email to the Integrations Success team.